FreeBSD : bnc -- remotely exploitable buffer overflow in getnickuserhost (9be819c6-4633-11d9-a9e7-0001020eed82)

critical Nessus Plugin ID 19048

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

An LSS Security Advisory reports:

There is a buffer overflow vulnerability in the getnickuserhost() function, which is called when BNC is processing a response from an IRC server.

The vulnerability can be exploited if an attacker tricks a user into connecting to his fake IRC server that will exploit this vulnerability. If the attacker has access to the BNC proxy server, this vulnerability can be used to gain shell access on the machine where the BNC proxy server is set.

Solution

Update the affected package.

See Also

https://marc.info/?l=bugtraq&m=110011817627839

http://www.nessus.org/u?388d13fb

http://www.gotbnc.com/changes.html

http://www.nessus.org/u?b01384be

Plugin Details

Severity: Critical

ID: 19048

File Name: freebsd_pkg_9be819c6463311d9a9e70001020eed82.nasl

Version: 1.21

Type: local

Published: 7/13/2005

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:bnc, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 12/4/2004

Vulnerability Publication Date: 11/10/2004

Reference Information

CVE: CVE-2004-1052